Snort mailing list archives

Snort Restarter and Crash Logger (was Re: Re: Log file problem)


From: Dragos Ruiu <dr () kyx net>
Date: Mon, 6 Aug 2001 12:27:54 -0700

I too find daemontools a bit of overkill for this problem.  Here is a little 
shell script excerpt that you can run from crontab once a minute
or once every couple of minutes to restart dead snorts and it will 
also log crashes so you know about them:

#!/bin/sh
# Restart snort on each interface if it is not running, and log the restart.
i="snort.conf"
for IFACE in fxp0 fxp1
do
    if [ -f "/var/run/snort_$IFACE.pid" ]; then
        # A pidfile exists: check that the process it names is still there
        if ! ps -p "`cat /var/run/snort_$IFACE.pid`" > /dev/null ; then
            echo `date` snorthup: removing bogus pidfile >>/var/log/messages
            echo `date` snorthup: restarting absentee snort on $IFACE with conf file $i >>/var/log/messages

            rm -f "/var/run/snort_$IFACE.pid"
            /usr/local/bin/snort -D -c "$i" -i "$IFACE"
        fi
    else
        # No pidfile at all: snort is not running on this interface
        echo `date` snorthup: restarting snort on $IFACE with conf file $i >>/var/log/messages
        /usr/local/bin/snort -D -c "$i" -i "$IFACE"
    fi
done
        

On Sun, 05 Aug 2001, Ralf Hildebrandt wrote:
It's just THE tool for snort. Without it, I couldn't keep my snort box
up & running ...

Looks like a bit of an overkill for me, but thanks.

The problem with snort is that you cannot rely on it being "up" all
the time. It happened all too often that it crashed in the middle of
the night, leaving the snort sensor down until the next morning.

Now, with daemontools, no manual intervention is needed. If snort
crashes, it's back up the next second.

-- 
ralf.hildebrandt () innominate com                            innominate AG
Technical Consultant                   Don't be afraid of what you see -
Diplom-Informatiker                     be afraid of what you don't see!
tel: +49.(0)7000.POSTFIX                        fax: +49.(0)30.308806-77


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Dragos Ruiu <dr () dursec com>   dursec.com ltd. / kyx.net - we're from the future 
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc
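
The `ps -p` test in the script above only shows that some process holds the PID stored in the pidfile; if that PID has been recycled by another program after a crash, the sensor stays down and nothing is logged. The following is an added example, not part of the original post, that also compares the process name. The function names and the expected command name `snort` are assumptions.

```sh
#!/bin/sh
# Added example: decide whether a pidfile still points at a live snort.
# Function names and the expected command name are assumptions.

# Print the command name of PID $1, or an empty line if it is not running.
proc_name() {
    n=$(ps -o comm= -p "$1" 2>/dev/null) || n=
    # Fallback for Linux hosts without a usable ps
    if [ -z "$n" ] && [ -r "/proc/$1/comm" ]; then
        n=$(cat "/proc/$1/comm" 2>/dev/null) || n=
    fi
    printf '%s\n' "$n"
}

# pidfile_state PIDFILE EXPECTED_NAME
# Prints one of: missing garbage dead reused alive
pidfile_state() {
    pidfile=$1
    want=$2
    [ -f "$pidfile" ] || { echo missing; return 0; }
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) echo garbage; return 0 ;;   # never pass junk to ps
    esac
    name=$(proc_name "$pid")
    name=${name##*/}                             # some ps print a full path
    if [ -z "$name" ]; then
        echo dead                                # no such process
    elif [ "$name" != "$want" ]; then
        echo reused                              # PID now belongs to another program
    else
        echo alive
    fi
}

# True when the sensor should be (re)started.
restart_needed() {
    [ "$(pidfile_state "$1" "$2")" != alive ]
}

# Use in the cron loop (paths as in the script above):
#   if restart_needed /var/run/snort_$IFACE.pid snort; then
#       rm -f /var/run/snort_$IFACE.pid
#       /usr/local/bin/snort -D -c $i -i $IFACE
#   fi
```

Logging the state string (`dead`, `reused`, `garbage`) along with the restart message tells a crash apart from a damaged pidfile.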
